mattisonchao opened a new pull request, #25552: URL: https://github.com/apache/pulsar/pull/25552
Related to: streamnative/eng-support-tickets#4352 ### Motivation Namespace `property` / `properties` endpoints still authorize through `validateAdminAccessForTenantAsync`, so they do not map to explicit namespace operations. This makes it harder to introduce operation-specific authorization for namespace property reads, updates, and deletes while still keeping compatibility with the legacy tenant-admin authorization path. ### Modifications - Added `GET_PROPERTIES`, `UPDATE_PROPERTIES`, and `DELETE_PROPERTIES` to `NamespaceOperation` - Updated `PulsarAuthorizationProvider` to recognize the new namespace property operations - Added a compatibility helper that accepts either tenant-admin authorization or namespace-operation authorization - Switched namespace `property` / `properties` endpoints to use explicit read, update, and delete operations - Extended `NamespaceAuthZTest` to verify the expected operation is checked for each endpoint ### Verifying this change This change is already covered by existing tests, such as: - `./gradlew --no-configuration-cache :pulsar-broker:test --tests org.apache.pulsar.broker.admin.NamespaceAuthZTest --rerun-tasks` ### Does this pull request potentially affect one of the following parts: - [ ] Dependencies (add or upgrade a dependency) - [x] The public API - [ ] The schema - [ ] The default values of configurations - [ ] The threading model - [ ] The binary protocol - [x] The REST endpoints - [ ] The admin CLI options - [ ] The metrics - [ ] Anything that affects deployment ### Documentation - [ ] `doc` - [ ] `doc-required` - [x] `doc-not-needed` - [ ] `doc-complete` ### Matching PR in forked repository PR in forked repository: https://github.com/mattisonchao/pulsar/pull/3 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
